P
US11880313B2ActiveUtilityPatentIndex 72

Storage system and method for performing and authenticating write-protection thereof

Assignee: SAMSUNG ELECTRONICS CO LTDPriority: Mar 28, 2014Filed: Jan 24, 2023Granted: Jan 23, 2024
Est. expiryMar 28, 2034(~7.7 yrs left)· nominal 20-yr term from priority
Inventors:LEE JAEGYUKIM JISOOPARK YOUNG JINSHIN BO-RAM
G06F 12/145G06F 12/1441G06F 12/1466G06F 11/1072G06F 11/1441G06F 12/0246G06F 2212/1052G06F 2212/7206
72
PatentIndex Score
2
Cited by
50
References
19
Claims

Abstract

In one embodiment, the method includes receiving, at a storage device, a request. The request includes a request message authentication code and write protect information. The write protect information includes at least one of start address information and length information. The start address information indicates a logical block address at which a memory area in a non-volatile memory of the storage device starts, and the length information indicates a length of the memory area. The method also includes generating, at the storage device, a message authentication code based on (1) at least one of the start address information and the length information, and (2) a key stored at the storage device; authenticating, at the storage device, the request based on the generated message authentication code and the request message authentication code; and processing, at the storage device, the request based on a result of the authenticating.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A storage device, comprising:
 a memory unit corresponding to non-volatile memory; and 
 a controller unit configured to communicate with a host device wherein, while in communication with the host device, the storage device is further configured to: 
 receive, from the host device, a request, the request including a request message authentication code and write protection information including at least one of start address information, length information, writable information indicating whether to apply write protection to a memory area, and a selection value selected from among at least first to third write-protection values of a field indicating a type of write-protection to apply to the memory area in response to a power-off, a hardware reset, a power-on, or the request, wherein: 
 the first write-protection value indicates that the writable information is changed to a first value after a powering on of the storage device, the first value indicating that the memory area is writable, 
 the second write-protection value indicates that the writable information is changed to a second value after a powering off or a hardware reset of the storage device, the second value indicating that the memory area is protected against writing, and 
 the third write-protection value indicates that the writable information is changed by the request, 
 the start address information indicates a logical block address at which the memory area in a non-volatile memory of the storage device starts, and 
 the length information indicates a length of the memory area; 
 generate a message authentication code based on at least one of the start address information and the length information, and a key stored at the storage device; 
 authenticate the request based on the generated message authentication code and the request message authentication code; and 
 process the request based on a result of the authentication. 
 
     
     
       2. The storage device of  claim 1 , wherein the memory area corresponds to a partition in the memory unit. 
     
     
       3. The storage device of  claim 1 , wherein the storage device further comprises a second memory unit different from the memory unit, wherein the second memory unit is configured to store the request message authentication code and the write protection information included in the request. 
     
     
       4. The storage device of  claim 1 , wherein:
 the write protection information includes both the start address information and the length information; and 
 the generated message authentication code is based on the start address information, the length information, and the key. 
 
     
     
       5. The storage device of  claim 4 , wherein:
 the write protection information includes the start address information, the length information and a partition identifier, the partition identifier identifying a partition in the memory unit, the partition including the memory area; and 
 the generated message authentication code is further based on the partition identifier. 
 
     
     
       6. The storage device of  claim 4 , wherein:
 the write protection information includes the start address information, the length information, a partition identifier identifying a partition in the memory unit, the partition including the memory area, and the writable information indicating whether to apply the write protection to the memory area; and 
 the generated message authentication code is further based on the partition identifier and the writable information. 
 
     
     
       7. The storage device of  claim 6 , wherein:
 the write protection information includes the start address information, the length information, the partition identifier, the writable information, and field indicating a kind of the write-protection to apply to the memory area; and 
 the generated message authentication code is further based on the partition identifier, the writable information, and the field. 
 
     
     
       8. The storage device of  claim 1 , wherein the generated message authentication code corresponds to a hash-based message authentication code. 
     
     
       9. The storage device of  claim 1 , wherein the controller unit is further configured to:
 authenticate the request if the generated message authentication code matches the request message authentication code and process the request if the request is authenticated; and 
 forgo authenticating the request if the generated message authentication code does not match the request message authentication code. 
 
     
     
       10. The storage device of  claim 1 , wherein the request includes instructions for the storage device to update the write protection information with information included in the request. 
     
     
       11. The storage device of  claim 10 , wherein the storage device is further configured to, while processing the request:
 increment an update counter; and 
 send a response message to the host device, the response message including a count value of the update counter. 
 
     
     
       12. The storage device of  claim 1 , wherein the storage device is further configured to:
 send a response message to the host device in response to receiving the request if the request is processed. 
 
     
     
       13. The storage device of  claim 1 , wherein the storage device is further configured to:
 store, at the storage device, the selection value of the write protection information while processing the request. 
 
     
     
       14. The storage device of  claim 13 , wherein the storage device is further configured to:
 receive a write command to write data to the memory unit; and 
 determine whether to process the write command based on the selection value stored after receiving the request. 
 
     
     
       15. The storage device of  claim 1 , wherein the request is a WP Descriptor Update Request about a write-protect descriptor including the write protection information. 
     
     
       16. The storage device of  claim 15 , wherein the storage device is further configured to:
 receive a WP Descriptor Read Request from the host device before receiving the request; 
 transmit a WP Descriptor Read Response to the host device in response to the WP Descriptor Read Request before receiving the request. 
 
     
     
       17. The storage device of  claim 1 , wherein the storage device is a memory card. 
     
     
       18. The storage device of  claim 1 , wherein the storage device is embedded in the host device. 
     
     
       19. The storage device of  claim 1 , wherein the storage device is an external device that is connectable to the host device to communicate with the host device.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.